Microsoft Powerpoint Vulnerability

April 3, 2009

IMPORTANT INFORMATION REGARDING: Microsoft PowerPoint Vulnerability

A vulnerability has been discovered in various software versions of
Microsoft PowerPoint.  Exploitation of this vulnerability can lead to
code execution at the rights level of the logged in user.  No patches or
workarounds have been released.

Microsoft has stated that exploit attempts have been seen in the wild,
on a limited/targeted basis.

Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office XP
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft Powerpoint 2003

As previously stated, successful exploitation limits malicious code
execution to the rights of the logged on user. Steps should be taken to
ensure permissions for various account types are regulated per
applicable policies.

Successful exploitation of this vulnerability requires user interaction
with the specially crafted PowerPoint file.  Users would therefore have
to to click links in malicious e-mails, or otherwise convinced to visit
websites hosting malicious PowerPoint files.  The best defense against
this is educating users on the dangers of accepting files and acting
upon links to websites provided to them via e-mail, IM, or other means
from unknown parties.



Microsoft Security Advisory (969136)

Adobe Releases Fix for Flash

February 26, 2009

Adobe released a fix for its Flash Player yesterday that mitigates 5 different attack vectors.  Some of the flaws could allow a malicious attacker to take over a compromised system merely by enticing a user to a page with a compromised .swf (Flash) file.

Flash player and earlier for:

Windows, Mac OSX, Linux


Adobe Security Bulletin:

Patch for v. 10

Patch for v. 9


Make sure to patch each browser that you have installed.  You can do this by visiting the patch link each time for each browser.